Debian Security Advisory 4109-1

Debian Linux Security Advisory 4109-1 - Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access the CSRF token.

Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access the CSRF token.

For the oldstable distribution (jessie), this problem has been fixed in version 1.2.1-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.3.1-1+deb9u1.